8.1

CVE-2026-43377

ksmbd: Don't log keys in SMB3 signing and encryption key generation

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: Don't log keys in SMB3 signing and encryption key generation

When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signingkey() and
generate_smb3encryptionkey() log the session, signing, encryption, and
decryption key bytes. Remove the logs to avoid exposing credentials.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 6.1.167
LinuxLinux Kernel Version >= 6.2 < 6.6.130
LinuxLinux Kernel Version >= 6.7 < 6.12.78
LinuxLinux Kernel Version >= 6.13 < 6.18.20
LinuxLinux Kernel Version >= 6.19 < 6.19.9
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.158
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/4084ed720d7d5f4e975c9e4a6267a552dad3b24a
Patch
https://git.kernel.org/stable/c/fec5c70b82af3f59f15bb984df94e5ad1fccfb1e
Patch
https://git.kernel.org/stable/c/3fe2d9ec166b7df9a8df6c0fdcfc210572e27e3f
Patch
https://git.kernel.org/stable/c/407cc37c21d51f9b9d4d20204b04890880cfa6ae
Patch
https://git.kernel.org/stable/c/c6b01b997a2094969e315f1ebfc1d64b8ae2163d
Patch
https://git.kernel.org/stable/c/441336115df26b966575de56daf7107ed474faed
Patch